What is Vulnerability Scanning?

There are different types of vulnerability scanning as well as different software for each. But what is it exactly?

A vulnerability scanner is a software or an application developed to scan computers, networks, and even websites for possible security threats. It is responsible for the analysis of how strong or weak a computer’s or a server’s defenses are. By scanning, the users and technicians will know, or at least have an overview of, what threats or issues they are dealing with in terms of the security of a network, website, computer, or server.

Vulnerability ScanningIf you are to choose the right vulnerability scanner, then you first need to know the main kinds to understand your options better. There are at least two main categories I’d like to talk about.

Network Vulnerability Scanners

These scanners are often installed into one machine and are configured to access and scan multiple computers and networks. These are programmed to detect vulnerabilities of the devices, alerting the user or an IT person if there are mis-configured settings or if the treat is coming from either a pre-installed application or a user-installed application. The network vulnerability scanner works on anything that has to do with firewalls, networks, web servers, and system administration. They deal with high-profile information but not individual files since they are not installed directly onto the host.

Hosted Vulnerability Scanners

These scanners are installed on the host (the computer or system being scanned). These types of scanners take care of the low-profile information such as passwords, operating systems of the computers they were installed in, suspicious files downloaded, and file system checks.

Despite having technology to do all the job for the security of your computer, network, servers, and everything in the cloud, it is also crucial that you understand their limitations.

Vulnerability scanners are coded software that, at some point in time, may fail to do what you expect them to do. They are programmed to take snapshots of your system’s security status at a given time. It is highly recommended that users regularly scan their devices to get the most updated (if not the exact) security status of the systems and files therein. Trust Guard currently scans for 75,575 security holes. 


JonnaArticle written by Jonna Lindawan

Jonna is a startup VA business owner who loves helping her clients grow their businesses through her skills in writing, customer service, research, data entry, transcription, social media management, and admin support. Visit her website here.

Tesla Cars Hacked through Mobile App

‘Tis the season for giving, but Tesla may be offering more than what was originally planned.

If you’re a hacker, and you want a new Tesla car for the holidays, all you have to do is access the company’s smartphone app.

New research shows that Tesla cars can be stolen by hacking the company’s smartphone app.

Tesla Cars Vulnerable
According to SCMagazineUK, Norwegian app security firm Promon has demonstrated through research that cyber-criminals could take control of Tesla vehicles, to the point where they can locate, unlock and drive the car away unhindered. Such a hack, possible by exploiting a lack of security in their smartphone app, gives criminals total control of the vehicle, providing additional functionality to that exposed by Keen Security Labs in a different hack in late September.

This is all done by attacking and taking control of the Tesla app. This underlines the vital importance of app security, and the wider implications this could have for IoT-connected devices in general. (IoT refers to the ever-growing network of physical objects that feature an IP address for internet connectivity, and the communication that occurs between these objects and other internet-enabled devices and systems.) Most people understand the importance of online website security – and only visiting sites that constantly check for vulnerabilities, but few consider the potential issues with mobile security.

Tom Lysemose Hansen, founder and CTO at Promon, said: “Keen Security Labs’ recent research exploited flaws in the CAN bus systems of Tesla vehicles, enabling them to take control of a limited number of functions of the car. Our test is the first one to use the Tesla app as an entry point, and goes a step further by showing that a compromised app can lead directly to the theft of a car.”

One way for the hack to work is for cyber-criminals to set up a Wi-Fi hotspot close to a public Tesla charging point. When Tesla users log in and visit a page, an advert targeting car owners appears, offering an incentive such as a free meal. When clicking this link and downloading the accompanying app, hackers can gain access to the user’s mobile device, which enables them to attack the Tesla app.

According to Hansen, the ease with which any tech-savvy criminal can steal a Tesla car in this way is indicative of a need for a much greater focus on in-app security across all IoT-connected devices and applications. “Mobile-focused criminals are more skilled than ever before and are using a lack of security in mobile apps as an increasingly lucrative source of revenue. Remotely controlling and stealing Tesla cars is a particularly dangerous example of just what can be done, but in theory, any app without the necessary protection in place could be affected.

“One way to achieve this is by introducing self-defending app software that protects the app from the inside out, greatly reducing the possibility of a cyber-attack. By moving away from having a physical car key to unlock the door, Tesla is basically taking the same step as banks and the payment card industry. Physical tokens are replaced by ‘mobile tokens’. We strongly believe that Tesla and the car industry needs to provide a comparable level of security, which is certainly not the case today.”

Hansen concluded: “Tesla is a shining example of how technological advances are providing unprecedented levels of innovation and user convenience. However, our increasingly app-focused world needs to be urgently secured, to prevent criminals from seizing their opportunity on a large scale.”

 

Special thanks to SCMagazineUK.com for providing much of the content for this article.

Five Tips to Protect Yourself from Malware

malwareYou need to know how to protect yourself from malware.

Recently, Cisco Systems tested the software of 115,000 devices for security gaps.  Of these devices, 92 percent were identified as having security vulnerabilities such as malware. No wonder every time you turn around there is another tweet about somebody getting hacked. It is projected that issues will continue to increase as cyber criminals look to double their efforts to attack individuals and businesses.

Unfortunately, with these increased risks of malware attacks, if you don’t scan your website for malware and other vulnerabilities consistently, it is important for you to know if you are potentially infected. Here are some ways that could help you determine if your computer is infected with malware:

1. Unusually slow speed – Slow speed can be the first red flag noticed when a PC becomes infected with malware.

2. Unwanted browser revamps – Does your web browser look newly updated and you did not update it?  This could be a potential malware hack.

3. Suspicious social media messages –  These are messages that appear to have been sent from your social media accounts to friends, which could include malicious links.Malware-Virus-2

4. Computer crashes and/or program problems – Typically, we think it could be a small technical issue causing this, but it could be something much bigger.

5. Pop-ups, pop-ups, pop-ups – The most common form of adware; however these could also include ill-intended links.

So what can you do to prevent malware?  If you already have an anti-virus program, make sure it is enabled.  There are times where the anti-virus program could become unintentionally disabled, leaving your PC completely unprotected.  Also, you will want to be sure to check your firewalls, as well as ensure your PC is up-to-date with all software updates. For your website, you’ll want to run periodic vulnerability scanning to inform you of security risks that need to be resolved in order to keep hackers away.